[SOLVED] Terraform variable from gitlab CI/CD variables

Terraform variable from gitlab CI/CD variables

I understand that CI/CD variables can be used in HCL by counting on the fact that having them declared them with a TF_VAR_ prefix in the environment will enable me to look them up as input variables, then use them in the .tf file where I need them.

I did:

set my variable via the UI in the GitLab project, as TF_VAR_ibm_api_key, then masked it.
write a variable block for it in main.tf
call it where I need it in the same file main.tf
tried including the variable in variables.tf, same result
read the documentation from gitlab and from terraform, but I'm not getting this right.

This is my main.tf file:

variable ibm_api_key {
}

terraform {
  required_version = ">= 0.13"
required_providers {
    ibm = {
    source = "IBM-Cloud/ibm"
    }
 }
}

provider "ibm" {
  ibmcloud_api_key = var.ibm_api_key
}

Expected behavior: the variable is passed from the CI/CD and added to the HCL code.

Current behavior: during ´plan´, the job falls with error code 1

$ terraform plan
var.ibm_api_key
  Enter a value: ╷
│ Error: No value for required variable
│ 
│   on main.tf line 1:
│    1: variable ibm_api_key {
│ 
│ The root module input variable "ibm_api_key" is not set, and has no default
│ value. Use a -var or -var-file command line argument to provide a value for
│ this variable.
╵

although logically it can't seem to be the issue, I tried formatting the variable call as string interpolation, like:

provider "ibm" { ibmcloud_api_key = "${var.ibm_api_key}" } naturally to no avail.
although logically it can't seem to be the issue, I tried defining a type for the variable:

variable ibm_api_key { type = string } naturally to no avail.
In order to check if variables are passed from the CI/CD settings to the gitlab runner's environment, I added a variable that is neither protected nor masked, and assigned string inserted a double check:
- echo ${output_check}
- echo ${TF_VAR_ibm_api_key}

which does not result in an error, but are not being printed either. Only the "echo" commands appear in the output.

$ echo ${output_check}
$ echo ${TF_VAR_ibm_api_key}
Cleaning up project directory and file based variables 00:01
Job succeeded

Solution

The error was in the CI/CD settings. The variables were set to be exclusively passed to protected branches. I was pushing my code to an unprotected one, which prevented variables being passed. When merging the code to a protected branch, the variables showed up correctly. Variables are also correctly imported to Terraform, with the expected exclusion of the TF_VAR_ prefix.

TL;DR If you're having this issue in GitLab's CI/CD check your CICD variables' setting for protected branches, and if the branch you're pushing to corresponds to that setting.